Hey people!
On earlier versions of IOS-XE, before 16.3.2, you could run debug pre to get debugs of control policies to see what classes were being evaluated and hit. After 16.3.2, debugs moved out of IOSd into its own Linux daemon. Now you have to use the set platform software trace smd switch active r0 <module name> to enable debugs. I have enabled debugs for RADIUS, Dot1X, Auth manager, and EPM, and I even tried to enable all modules to debug with the set platform software trace smd switch active r0 all-modules debug command. However I get no output on the control policy.
Initial debugs that were enabled:
AS01#show platform software trace level smd switch active r0 | i Debug
auth-mgr-all Debug
dot1x-all Debug
epm-all Debug
radius Debug
I do get output from everything else, for example:
{smd_R0-0}{1}: [dot1x] [18393]: (info): [0000.0000.0000:unknown] Received EAPOL pkt (size=92) on l2 socket{smd_R0-0}{1}: [radius] [18393]: (info): RADIUS: Send Access-Request to 192.168.128.102:1812 id 1812/10, len 332The only thing being logged that has anything to do with pre is:
{smd_R0-0}{1}: [auth-mgr] [18393]: (info): [5254.0003.af42:Gi1/0/2] Handling external PRE event AuthZ Success
At this point I'm not sure if this is a limitation of the Catalyst9000v that I'm using in CML, or if it's also on HW switches. If anyone has the possibility to test this on a lab switch I would highly appreciate it.
Thank you!
Daniel Dib
CCIE #37149
CCDE #20160011
Please rate helpful posts.
